

On Sep 15, 12:30pm, Chuck Foster wrote:
> Subject: Re: SMTP AUTH?
> On Tue, 15 Sep 1998, Bertold Kolics wrote:
> > I don't think that it is so easy to detect an open mail relay. Even
> > if an MTA can accept a mail, it does *NOT* mean that it will relay a
> > message.
> One of the more interesting projects we thought about was to set up a
> server which wouldn't be listed in any standard customer configuration,
> and then use that to collect unauthorised mail relaying (since in theory
> only those who looked for it would use it, not normal mail delivery).

This is the classic honey-trap approach.  A variation is to pollute the
spammers' e-mail list with phony addresses, and trap these addresses in
your mail relay.  Of course, execution of these traps requires some level
of secrecy...

> Then, we could use the connecting MTA details for possible local
> relay control, and to collect the spam that they send for analysis.

I think that this is the key to the solution.  What we need is a
"red-alert" network, where the first server that detects an incoming spam
can quickly propagate its characteristics to the other servers in the

Once a spam has been detected, it is possible to take interesting
counter-measures, such as refusing mail altogether (if the spam had been
already relayed) or accepting mail very very slowly, if it comes from the
spam source.  This slows the spammer, and allows for the implementation of
further measures, e.g. auditing, accounting, complaints...

Christian Huitema
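
Added example, not part of the original message: a minimal sketch of the trap-and-alert idea discussed above, where a hit on a phony address raises an alert that other servers consult to slow down the spam source or refuse the same spam arriving through another relay. The addresses, IPs, delay, alert lifetime, the body fingerprint and the in-memory `AlertFeed` are all assumptions made for illustration.

```python
import hashlib
import time

TRAP_ADDRESSES = {"trap1@example.org"}   # constructed phony address, never published
TARPIT_SECONDS = 30                      # assumed delay applied to a known spam source
TTL_SECONDS = 6 * 3600                   # assumed lifetime of an alert

def fingerprint(body):
    """Hash of the body with case and whitespace normalised (simplistic on purpose)."""
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()

class AlertFeed:
    """In-memory stand-in for the state the servers would share (hypothetical)."""
    def __init__(self):
        self.sources = {}       # connecting MTA address -> expiry time
        self.fingerprints = {}  # body fingerprint -> expiry time

    def report(self, source_ip, body, now):
        self.sources[source_ip] = now + TTL_SECONDS
        self.fingerprints[fingerprint(body)] = now + TTL_SECONDS

    def decide(self, source_ip, body, now):
        """Return (action, delay_seconds) for a message about to be accepted."""
        if self.sources.get(source_ip, 0) > now:
            return ("tarpit", TARPIT_SECONDS)   # known spam source: accept very slowly
        if self.fingerprints.get(fingerprint(body), 0) > now:
            return ("reject", 0)                # same spam arriving via another relay
        return ("accept", 0)

def handle(feed, source_ip, rcpt, body, now=None):
    """Policy hook a relay would call once per message."""
    now = time.time() if now is None else now
    if rcpt.lower() in TRAP_ADDRESSES:
        feed.report(source_ip, body, now)       # trap hit: raise the alert
        return ("collect", 0)                   # keep the message for analysis
    return feed.decide(source_ip, body, now)

if __name__ == "__main__":
    feed = AlertFeed()
    spam = "MAKE MONEY   FAST\nreply now"       # constructed sample message
    print(handle(feed, "192.0.2.10", "trap1@example.org", spam, now=0))
    print(handle(feed, "192.0.2.10", "user@example.org", "hello", now=60))
    print(handle(feed, "198.51.100.7", "user@example.org", "make money fast reply now", now=60))
    print(handle(feed, "198.51.100.7", "user@example.org", "lunch?", now=60))
```

Alerts expire after `TTL_SECONDS`, so a source that stops sending is no longer delayed once the alert ages out.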
